can not execute exe files to fix problems with my computer things getting worse, HELP

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

rencourt

Thread Starter
Joined
May 4, 2010
Messages
29
This started suddenly. I had just worked on a windows movie maker file for a friends daughter for a school project and was using nero to convert it to a dvd file. After the first attempt was unsuccessful, my computer was crashing and I rebooted. When I did, I could no longer open my Nero, I got the following error:
"Windows cannot access the specified device, path, or file. You may not have the appropriate permission to access the item."

I soon found out, I also got this when I tried to use winzip, or vlc media player.

Who knows what else is effected. I have been searching for fixes, and found several threads here.

I have already tried a system restore to earlier in the day before it occured, as well as tried merging exefix.reg from another post reccomendation, and following instructions from http://support.microsoft.com/?kbid=308421 still no luck.

Everything works fine in safe mode and I AM the administrator of my system.

I have a paid version of AVG. Ran virus checks, malware and spyware checks, nothing suspicious shows up.
It has now effected more programs, I initially posted in software, but now Im afraid its a malware or hidden trojan, as more and more programs become effected. PLEASE HELP I use my computer for my business with web design, photo editing and computer generated art.

I have since tried to uninstal my AVG and reinstall, system restore, last working configuration, HELP

I am now unable to use internet explorer or google chrome browsers, only firefox is working... Please someone save me!

when I try to execute fix files even in safe mode I get this error:
'system admin has set policies to prevent this install'

Can some one please tell me what to check/change to work around this block so I can fix my computer?

I'm out of ideas! Can anyone help?
 

Phantom010

Retired Trusted Advisor
Joined
Mar 9, 2009
Messages
34,801
Try this fix: EXEFIX

Save the .reg file to your desktop. Double-click it to merge it to the registry.

Reboot.

If the fix only opens as a text file, right-click it and select Open With > Choose Program... Then, select the Registry Editor.


If the Registry Editor is not in the list, browse to C:\WINDOWS and select regedit

Hope it help!
 

Phantom010

Retired Trusted Advisor
Joined
Mar 9, 2009
Messages
34,801
Then,

Please click here to download and install version 2.0.2 of the HijackThis Installer.

Run it and select Do a system scan and save a logfile.

The log will be saved in Notepad. Copy and paste the log in your next post.

Do not fix anything
 

rencourt

Thread Starter
Joined
May 4, 2010
Messages
29
The registry fix was one of the first things I did, it didnt work.
I am at work now, I will do the hijack this when I get home.
I hope it does not include an exe file, because if it does Im sure I will get the same 'windows can not access.... stuff'

I appreciate you trying to help me more than you know.

I have had a post on majorgeeks for 2 days, has had 70+ readers and no replies!

:)
 

Phantom010

Retired Trusted Advisor
Joined
Mar 9, 2009
Messages
34,801
If you get something similar to this poster:

Tried downloading a reg fix but couldn't open it (got the 'select program to run this file or use the web to find the appropriate application' box)
Select the Registry Editor.
 

rencourt

Thread Starter
Joined
May 4, 2010
Messages
29
no, sorry for the misunderstanding,
I completed the merge registry... it just didnt solve the issue.

I am going to try to complete the hijack this and post the results when I get home.
Im leaving work in a few minutes. I will be home in about 30 min.
However long it takes me to run the hijack (if my computer allowes me to execute it, with the current problems I am having) I will post the results and await further instruction.

Thanks again for your assistance!
It is appreciated more than you know!
 

Phantom010

Retired Trusted Advisor
Joined
Mar 9, 2009
Messages
34,801
If you can't run any .EXE files, I doubt you'll be able to run HijackThis. Nonetheless, try it if you can.
 

rencourt

Thread Starter
Joined
May 4, 2010
Messages
29
when I try to run it in standard mode I get the same error I'm getting with most things at this point:
""Windows cannot access the specified device, path, or file. You may not have the appropriate permission to access the item."

In the beginning it was just a few things like Nero, VLC, and Incredimail, and it is rapidly growing to effect most things on my computer.

Some programs will work in safe mode, but exe files mostly are giving me this error:
'system admin has set policies to prevent this install'

This all started after I was helping my friends daughter with a school movie project. The only thing that I can imagine could have started it, I downloaded a song from a file sharing network that I pay to be a member of (mp3 rocket) I have had it over 2 years and never had a problem.

One of the songs was currupt and I deleted it immediately, but it may have had a virus/bug.
However when I ran AVG (paid version) Malware and Spybot search and destroy all came up completely clean.

I will do a reboot now and try to run the hijack in safe mode. If it doesnt work, I will be back. In the mean time, do you have any ideas for me to check settings to figure out what is wrong in safe mode to be giving me that error when I am logged in as administrator?

Thanks for your patience and help!
I'll be back - off to safe mode!
 

rencourt

Thread Starter
Joined
May 4, 2010
Messages
29
success... can't believe it!
I was able to install and run hijack this as admin in safe mode.
the following is the log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:28:43 PM, on 5/4/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Safe mode

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mystart.incredimail.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://products.webroot.com/disp020...2C6-9AF8-E07BCD7D0FAA&kc=ppcftoqi^^aerproljkf
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O1 - Hosts: <html>
O1 - Hosts: <head>
O1 - Hosts: <title>cominstall-adobe-flash.com</title>
O1 - Hosts: ChkRequestEnc('YToyMTp7aTowO3M6MTk6IjIwMDktMTAtMTQgMTY6NTU6NDgiO2k6MTtzOjc6IjMwNzgzMjEiO2k6MjtOO2k6MztzOjEyOiJDcmF6eUJybyAxLjAiO2k6NDtzOjc0OiIvaC5waHA/Y2FjaGluZ0Rlbnk9M01lM2NOazU5Mmo3ODVuNSZpZD1oLmNvbSZpcD0xMjcuMC4wLjEmbW9kZT1ob3N0cyZkbGw9MSI7aTo1O3M6MTM6Ijk4LjE1Ny42Ni4xMzYiO2k6NjtzOjI6IjExIjtpOjc7czowOiIiO2k6ODtzOjE6InQiO2k6OTtOO2k6MTA7TjtpOjExO047aToxMjtzOjI6IjE1IjtpOjEzO3M6MjY6ImNvbWluc3RhbGwtYWRvYmUtZmxhc2guY29tIjtpOjE0O3M6OTc6Imh0dHA6Ly9zZWRvcGFya2luZy5jb20vc2VhcmNoL3JlZ2lzdHJhci5waHA/ZG9tYWluPWNvbWluc3RhbGwtYWRvYmUtZmxhc2guY29tJnJlZ2lzdHJhcj10cmVsbGlhbjUiO2k6MTU7TjtpOjE2O047aToxNztOO2k6MTg7TjtpOjE5O047aToyMDtOO30=');
O1 - Hosts: </script>
O1 - Hosts: {
O1 - Hosts: tW.blur();
O1 - Hosts: window.focus();
O1 - Hosts: }
O1 - Hosts: </script>
O1 - Hosts: </head>
O1 - Hosts: <noframes>
O1 - Hosts: </body>
O1 - Hosts: </noframes>
O1 - Hosts: </frameset>
O1 - Hosts: </html>
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SysTrayApp] "C:\Program Files\IDT\WDM\sttray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PhotoExplosionCalCheck] C:\Program Files\Nova Development\Photo Explosion Deluxe 3.0\calcheck.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Corel File Shell Monitor] C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
O4 - HKLM\..\Run: [BOC-427] C:\PROGRA~1\Comodo\CBOClean\BOC427.exe
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: Amazon Unbox.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/betapit/PCPitStop.CAB
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader2.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/Optimize3/pcpitstop2.dll
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O20 - Winlogon Notify: Csrss - C:\WINDOWS\SYSTEM32\csrss2.dll
O23 - Service: Amazon Unbox Video Service (ADVService) - Amazon.com - C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: BOCore - COMODO - C:\Program Files\Comodo\CBOClean\BOCORE.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Online Armor Helper Service (OAcat) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\OAcat.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - c:\program files\idt\ecsxpv_5902_012208\wdm\STacSV.exe
O23 - Service: Online Armor (SvcOnlineArmor) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\oasrv.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 10355 bytes

Additionally upon reboot I got a couple errors one was from microsoft frame work. it said:
An unhandled exception has occured in a component in your application. Click continue and application will ignore this error and attempt to continue (invalid window class name) I clicked on details and there was a detailed log. I saved it, and can post it if needed. But I'll just let you deal with the hijack log for now.

Thanks again for your time!

R
 

rencourt

Thread Starter
Joined
May 4, 2010
Messages
29
i see where it shows 'mywebstart' as my start/ home page - it isnt. I have incredimail, but I untoggle the mywebstart option. It did however put a search bar on my firefox I dont know how to disable... it isnt in my programs list to uninstall.
 

rencourt

Thread Starter
Joined
May 4, 2010
Messages
29
Ok thanks, is it BAD? Once I'm fixed, will my programs work? Or is this something that is going to cause irreversable damage?
 

Phantom010

Retired Trusted Advisor
Joined
Mar 9, 2009
Messages
34,801
I honestly don't know. A malware removal expert will be more suited to answer that.
 

rencourt

Thread Starter
Joined
May 4, 2010
Messages
29
Should I keep my computer off while I wait? Will it continue to get worse if I dont?
How did it get passed all my maleware, spyware and antivirus programs? CRAP!
Will 48 hours cause more damage to occure? Now I'm freaked~
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Members online

Top